IBM Z Hardware and Operating Systems Ideas Portal
Hide about this portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Not under consideration
Workspace z/OS
Categories RACF
Created by Guest
Created on Oct 7, 2019

RELATED IDEAS

Prevent the user to activate all RACF cdt classes trying to list the active options

The way RACF is designed today, it doesn't allow an user to filter sort of options it has in effect. For example, if I want to list only the active classes, there isn't a filter for that suggesting I should use SETROPTS LIST to list everything. That could drive me or whoever is using it to make a mistake trying to list only the active classes, what was the case for what I am hitting this request. Even if there isn't a possibility to change the RACF base code or there is a decision on not doing that, it could be either adding a way to prevent the filter to be used i.e. SETROPTS CLASSACT(*) LIST. The preventing may suggest an invalid syntax message perhaps, either not doing anything as this is not the correct command or at least don't allow any append understanding this would be an unique command. I also though in an usermod or an exit but again, these can or not be implemented and while they aren't, Customers may be still vulnerable.

Idea priority Medium
  • Guest
    Reply
    |     Jul 10, 2023
    This item is a valid requirement but unlikely to be given high enough priority to be placed into the product plan. If this requirement is high value, please re-open it, or open a new requirement.
    We suggest using IRRXUTIL if you would like to filter this information.
  • Guest
    Reply
    |     Dec 19, 2019

    This requirement has been accepted as an uncommitted candidate. Thanks.

  • Guest
    Reply
    |     Oct 8, 2019

    Hi Robert - yes, I am not thinking in modifying the SETROPTS LIST but instead, preventing users to try a different command like the one I mentioned when there was an attempt to filter the active classes. If there isn't a way to filter, RACF couldn't just accept a command like SETROPTS CLASSACT(*) LIST as the list in this case would be part of an unique command and it doesn't go right after the SETROPTS. I am interested in seeing more comments about what I just wrote so we can think together in a way to close this vulnerability.

    Thanks,
    Lucas.

  • Guest
    Reply
    |     Oct 8, 2019

    Whereas I disagree with modifying SETROPTS LIST to allow listing subsets of its information, I do think SETROPTS should not accept and process CLASSACT(*) given that inadvertent activation of Default Return Code 8 classes could be very disruptive. SETROPTS should require classes to be individually named in CLASSACT.

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.

Contact IBM Privacy Terms of use Accessibility